Skills
.Work. You
Rest

ctf-web-recon

Official

Rapidly discover CTF web attack surfaces in 2–3 rounds

Software Engineering#ctf#web-recon#recon#js-analysis#source-leak#backup-files#tech-fingerprinting
Authorwgpsec
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Provides a focused, time-boxed reconnaissance methodology for CTF web challenges to quickly surface hidden endpoints, leaked source, and backup files so players can move to exploitation within a few rounds rather than performing broad asset enumeration.

Core Features & Use Cases

  • Homepage triage: Inspect response headers, cookies, and HTML comments to extract hints about technology and potential entry points.
  • Key path enumeration: Prioritized checks for robots.txt, .git leaks, common backup files, admin/login paths, and other high-value files.
  • JavaScript and tech fingerprinting: Fetch and scan referenced JS for API endpoints, hard-coded secrets, and framework indicators to guide targeted attacks.
  • Use Case: In a CTF web challenge, run the 2–3 round recon sequence to quickly find a backup archive or .git leak that contains source revealing an exploitable endpoint.

Quick Start

Inspect the target homepage, fetch robots.txt and .git/HEAD, and scan referenced JavaScript and common backup paths to list likely hidden endpoints and source leaks.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: ctf-web-recon
Download link: https://github.com/wgpsec/AboutSecurity/archive/main.zip#ctf-web-recon

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.